Rameez Dev & Security Blog

Posts

April 26, 2023

Migrating to HUGO from Jekyll

I have heard about the HUGO static site generator, an alternative to Jekyll. HUGO is quite fast on large sites and uses the Go language under the hood, whereas Jekyll uses Ruby gems. I followed Chen Hui Jing’s post and Sarah’s post for migrating from a Jekyll site to a HUGO-based site generator. Before migration, I noticed that I’d have to create a GitHub Action for deploying the site on GitHub Pages after each update/modification.
September 27, 2022

PKI Training - Registration Authority

Functions Roles Super Administrator: Security Officer: Admin Registration Authority Officer (RAO): Will have a High Trust Certificate issuing process, and not the natural person certificates. Enterprise RAO: Also known as Local Registration Authority. This role can be deployed in a client enterprise for convenience of customer handling for the provided service. Auditor: This role has a view for reviewing logs. High Trust Certificates: SSL, Code-Signing or e-Seal certificates are called high trust certificates because they are issued to organizations and can only be issued by the Admin RAO.
September 26, 2022

PKI Training - Information Technology Infrastructure Library (ITIL)

Following is a list of Services employed via ITIL: Incident Management: Event Management: Change/Release Management: Asset Management: Configuration Management: Problem Management: Knowledge Management: End Point Protection Knowledgebase: Knowledge articles are created to avoid such issues in the future. Q: Why are we employing ITIL and not some other process (e.g. COBIT)? A: The deployment is not an actual/certifiable ITIL deployment; it is meant to establish a formal minimal deployment of all relevant management and services.
September 24, 2022

PKI Training - Day3 - Advanced Cryptography 2

ADSS Server CRL Monitor ADSS OCSP Server RFC 6960, RFC 5019 ADSS OCSP Server has multi-tenancy built in. This can be used to serve all 16 different CAs (in the categories of 1 for RootCA, 5 for Government offline, 5 for Commercial offline and 5 for Government issuing). All servicing systems are in high availability. DBs are in Master/Slave configuration (using the Mirroring service). Creation of a new issuing CA (expanding the footprint of the project, not scaling) may require multi-month planning and execution.
September 23, 2022

PKI Training - Day3 - Advanced Cryptography 2

First Layer: License-based Modules Second Layer: Common Modules Initially Key Manager generates the keys and then they are available to other modules. ADSS CA Server: ADSS OCSP Services: ADSS TSA Service: RFC 3161; Can generate and send notifications; Time Source is critical and may be used as a dedicated business model ADSS Server consists of the following three services: Service: has 2 instances in HA Console: has 2 instances in HA Core: has only 1 instance
September 22, 2022

PKI Training - Day3 - Advanced Cryptography 2

Q: Name the extensions in the Certificate. Ans: AIA: CDP: CRL Distribution Point Public Key Cryptography Standards (PKCS) PKCS #1: Raw Signature standard. This is then used with PKCS #7 to make it meaningful. PKCS #7: Cryptographic Message Syntax Standard The standard describes a general syntax for data that may have cryptography applied to it, such as digital signatures and digital envelopes. Also known as CMS - Cryptographic Message Syntax (RFC 5652).
September 21, 2022

PKI Training - Cryptography Day 2

Basic PKI Services Growth of a PKI setup has the following levels: First Generation: Registration Authority Certification Authority Second Generation: Validation & Time Stamping Services are included Validation Authority Time Stamping Authority Third Generation: This builds and deploys Signing Services upon second-generation technology Signing Services Server-side Signing (e.g. Remote Server, Cloud etc.) Client-side Signing (e.g. smart cards, USB tokens, mobile app etc.) Verification Services: Single Trust Domain Interoperability between Multiple Trust Domains Fourth Generation: Document Signing Tracking Workflow e-Notarization Archiving etc.
September 21, 2022

PKI Training - Difference between Cryptography and Encryption!

Cryptography: The discipline that embodies the principles, means, and methods for providing information security, including confidentiality, data integrity, source authentication, and non-repudiation. Source(s): NIST SP 800-175B Rev. 1 under Cryptography. It is to be noted that Cryptography provides not only encryption but many other services. Encryption: Cryptographic transformation of data (called “plaintext”) into a form (called “ciphertext”) that conceals the data’s original meaning to prevent it from being known or used.
September 20, 2022

PKI Training - Cryptography Day 2

Certificate Path Validation: This is performed for all the identities of the chain. It commonly checks for the following things: Build & validate the certificate chain from the user certificate up to the trusted root. Check for intended purpose. Check for expiry or “not yet valid”. Check for revoked certificate. Certificate Life Cycle Following are the Register Issue Distribute/Store Use (Sign/Encrypt) Expire/Revoke Renew/Rekey Q: Can ECAC issue an Accreditation Certificate for the usage of Signing process?
September 12, 2022

Placing images in jekyll blogs

I faced a bit of an issue in understanding how to include image files in the Markdown source code for the Jekyll blog. I found it convenient to create an image using the following code: ‘![Alt Text](/path/to/the/image.jpg "ImageTitle"){:height="50%" width="30%"}’
© Rameez Dev & Security Blog 2023